def test_various_statuses(self):
created = HttpCreated(location='http://example.com/thingy/1/')
self.assertEqual(created.status_code, 201)
self.assertEqual(created['Location'], 'http://example.com/thingy/1/')
# Regression.
created_2 = HttpCreated()
self.assertEqual(created_2.status_code, 201)
self.assertEqual(created_2['Location'], '')
accepted = HttpAccepted()
self.assertEqual(accepted.status_code, 202)
no_content = HttpNoContent()
self.assertEqual(no_content.status_code, 204)
see_other = HttpSeeOther()
self.assertEqual(see_other.status_code, 303)
not_modified = HttpNotModified()
self.assertEqual(not_modified.status_code, 304)
bad_request = HttpBadRequest()
self.assertEqual(bad_request.status_code, 400)
unauthorized = HttpUnauthorized()
self.assertEqual(unauthorized.status_code, 401)
not_found = HttpNotFound()
self.assertEqual(not_found.status_code, 404)
not_allowed = HttpMethodNotAllowed()
self.assertEqual(not_allowed.status_code, 405)
conflict = HttpConflict()
self.assertEqual(conflict.status_code, 409)
gone = HttpGone()
self.assertEqual(gone.status_code, 410)
toomanyrequests = HttpTooManyRequests()
self.assertEqual(toomanyrequests.status_code, 429)
not_implemented = HttpNotImplemented()
self.assertEqual(not_implemented.status_code, 501)
def post_detail(self, request, **kwargs):
pk = kwargs['pk'].strip("/")
metric = Metric.objects.get(pk=pk)
obs_class = metric.unit.observation_type.model_class()
if obs_class is RatioObservation:
return HttpNotImplemented()
else:
from_dt = iso8601.parse_date(request.POST['from_datetime']).replace(tzinfo=None)
to_dt = iso8601.parse_date(request.POST['to_datetime']).replace(tzinfo=None)
metric_obs = metric.related_observations
try:
ob = metric_obs.get(
metric = metric,
from_datetime = from_dt,
to_datetime = to_dt,
)
except obs_class.DoesNotExist:
ob = obs_class.objects.create(
metric = metric,
from_datetime = from_dt,
to_datetime = to_dt,
)
rawvalue = request.POST.get('value', None)
ob.value = self.deserialize(request, rawvalue)
ob.save()
url = "/observation/%s/" % ob.pk
return HttpCreated(location=url)
def test_should_return_error_message_in_tastypie_if_exception_while_loading_vcl(self):
with patch('vaas.cluster.cluster.load_vcl_task.delay', side_effect=Exception('load vcl failed')):
request = MagicMock(id='10', session={})
middleware = VclRefreshMiddleware()
VclRefreshState.set_refresh('10', [MagicMock(id='1')])
response = middleware.process_response(request, HttpCreated())
assert_true(isinstance(response, HttpApplicationError))
assert_equals(b'Exception: load vcl failed', response.content)
def post_list(self, request, **kwargs):
assignment = Assignment.objects.current_assignment()
if assignment is not None:
bn = Bone(target=assignment.worker)
bn.save()
bn_res = BoneResource()
bn_location = bn_res.get_resource_uri(bn)
return HttpCreated(location=bn_location)
else:
return HttpBadRequest()
def post_list(self, request, **kwargs):
today = date.today()
assignment = Assignment.objects.current_assignment()
if assignment is not None:
ndg = Nudge(target=assignment.worker)
ndg.save()
ndg_res = NudgeResource()
ndg_location = ndg_res.get_resource_uri(ndg)
return HttpCreated(location=ndg_location)
else:
return HttpBadRequest()
def post_detail(self, request, **kwargs):
assignment = Assignment.objects.get(pk=kwargs['pk'])
if 'defer' in request.POST:
debit = assignment.defer()
debit_res = DebitResource()
location = debit_res.get_resource_uri(debit)
return HttpCreated(location=location)
elif 'nudge' in request.POST:
nudge = Nudge.objects.create(target=assignment.worker)
nudge_res = NudgeResource()
location = nudge_res.get_resource_uri(nudge)
return HttpCreated(location=location)
return HttpBadRequest()
def post_list(self, request, **kwargs):
"""Stop making it return standard location header"""
deserialized = self.deserialize(request,
request.body,
format=request.META.get(
'CONTENT_TYPE',
'application/json'))
bundle = self.build_bundle(data=dict_strip_unicode_keys(deserialized),
request=request)
self.is_valid(bundle)
updated_bundle = self.obj_create(bundle, request=request)
return HttpCreated(location=updated_bundle.obj.get_absolute_url())
def post_list(self, request, **kwargs):
deserialized = self.deserialize(
request, request.raw_post_data,
format=request.META.get('CONTENT_TYPE', 'application/json')
)
bundle = self.build_bundle(data=dict_strip_unicode_keys(deserialized))
self.is_valid(bundle, request)
post = request.POST.copy()
post.update(bundle.data)
request.POST = post
request._dont_enforce_csrf_checks = True
response = password_reset(request)
return HttpCreated(location=response['location'])
def put_detail(self, request, **kwargs):
"""
rewrite the parent method to do litter alternatives for the deserialized data
"""
deserialized = self.deserialize(request)
deserialized = self.alter_put_detail_deserialized_data(deserialized)
deserialized = self.alter_deserialized_detail_data(
request, deserialized)
bundle = self.build_bundle(data=dict_strip_unicode_keys(deserialized),
request=request)
try:
updated_bundle = self.obj_update(
bundle=bundle, **self.remove_api_resource_names(kwargs))
if 'FILES' in deserialized:
file_keys = [key for key in deserialized['FILES'].keys()]
obj = updated_bundle.obj
for key in file_keys:
if hasattr(obj, key):
setattr(obj, key, deserialized['FILES'][key])
obj.save()
self.obj_post_updated(obj)
if not self._meta.always_return_data:
return HttpNoContent()
else:
# Invalidate prefetched_objects_cache for bundled object
# because we might have changed a prefetched field
updated_bundle.obj._prefetched_objects_cache = {}
updated_bundle = self.full_dehydrate(updated_bundle)
updated_bundle = self.alter_detail_data_to_serialize(
request, updated_bundle)
return self.create_response(request, updated_bundle)
except (NotFound, MultipleObjectsReturned):
updated_bundle = self.obj_create(
bundle=bundle, **self.remove_api_resource_names(kwargs))
location = self.get_resource_uri(updated_bundle)
if not self._meta.always_return_data:
return HttpCreated(location=location)
else:
updated_bundle = self.full_dehydrate(updated_bundle)
updated_bundle = self.alter_detail_data_to_serialize(
request, updated_bundle)
return self.create_response(request,
updated_bundle,
response_class=HttpCreated,
location=location)
def obj_get_list(self, bundle, **kwargs):
query = bundle.request.GET.get('q')
if not query:
response = {'status': 0, 'message': 'Empty query'}
else:
#from my_task.tasks import google, duck_duck_go, twitter
from my_task.tasks import google, duck_duck_go, twitter
# Async process
from celery.result import ResultSet
#A collection of results.
rs = ResultSet([])
# Add AsyncResult as a new member of the set.
rs.add(google.delay(query))
rs.add(duck_duck_go.delay(query))
rs.add(twitter.delay(query))
response = rs.get() # waiting for the results
url = "http://127.0.0.1:8000/my_resources/v1/search/?q={query}".format(
query=query)
try:
response = {
'query': query,
'results': {
'google': {
'text': response[0],
'url': url
},
'duckduckgo': {
'text': response[1],
'url': url
},
'twitter': {
'text': response[2],
'url': url
}
}
}
except AttributeError:
response = {'status': 0, 'message': 'Result Timeout'}
# For immediate response
raise ImmediateHttpResponse(response=HttpCreated(
content=json.dumps(response),
content_type='application/json; charset=UTF-8'))
def post_list(self, request, **kwargs):
post_data = self.deserialize(request,
request.body,
format=request.META.get(
'CONTENT_TYPE', 'application/json'))
bundle = self.build_bundle(data=dict_strip_unicode_keys(post_data),
request=request)
self.is_valid(bundle)
updated_bundle = self.obj_create(bundle)
if updated_bundle.obj.sender is updated_bundle.obj.recipient:
error_message = "You can't send message to yourself"
cont_dic = {"error": error_message}
content = json.dumps(cont_dic)
return HttpResponseBadRequest(content_type='application/json',
content=content)
updated_bundle.obj.save()
return HttpCreated(location=updated_bundle.obj.get_absolute_url())
def post_list(self, request, **kwargs):
"""
Creates a new resource/object with the provided data.
Calls ``obj_create`` with the provided data and returns a response
with the new resource's location.
If a new resource is created, return ``HttpCreated`` (201 Created).
"""
deserialized = self.deserialize(request, request.raw_post_data, format=request.META.get('CONTENT_TYPE', 'application/json'))
# Force this in an ugly way, at least should do "reverse"
deserialized["users"] = ["/api/v1/user/%s/" % request.user.id,]
bundle = self.build_bundle(data=dict_strip_unicode_keys(deserialized))
self.is_valid(bundle, request)
updated_bundle = self.obj_create(bundle, request=request)
return HttpCreated(location=self.get_resource_uri(updated_bundle))
def post_list(self, request, **kwargs):
"""
Creates a new resource/object with the provided data.
Calls ``obj_create`` with the provided data and returns a response
with the new resource's location.
If a new resource is created, return ``HttpCreated`` (201 Created).
"""
deserialized = self.deserialize(
request, request.raw_post_data,
format=request.META.get('CONTENT_TYPE', 'application/json')
)
deserialized = self.alter_deserialized_list_data(request, deserialized)
bundle = ResultBundle(**dict_strip_unicode_keys(deserialized))
self.is_valid(bundle, request)
updated_bundle = self.obj_create(bundle, request=request)
return HttpCreated(location=self.get_resource_uri(updated_bundle))
def remove_children(self, request, **kwargs):
try:
obj = self.cached_obj_get(request=request,
**self.remove_api_resource_names(kwargs))
except ObjectDoesNotExist:
return HttpGone()
except MultipleObjectsReturned:
return HttpMultipleChoices("More than one resource "
"is found at this URI.")
if request.method == 'POST':
data = json.loads(request.POST.items()[0][0])
if 'image' in data:
if isinstance(data['image'], list):
for URI in data['image']:
try:
im = Image.objects.get(
uuid=uuid_re.search(URI).group()
)
obj.image_set.remove(im)
except ObjectDoesNotExist:
return HttpResponseNotFound(
'At least one of the image '
'URI\'s cannot be found')
else:
raise ImmediateHttpResponse(response=HttpForbidden(
'Image URI\'s must be in an array'))
if 'wordbox' in data:
if isinstance(data['wordbox'], list):
for URI in data['wordbox']:
try:
wb = WordBox.objects.get(uuid=uuid_re.search(
URI).group())
obj.wordbox_set.remove(wb)
except ObjectDoesNotExist:
return HttpResponseNotFound(
'At least one of the wordbox '
'URI\'s cannot be found')
else:
raise ImmediateHttpResponse(response=HttpForbidden(
'Wordbox URI\'s must be in an array'))
else:
raise ImmediateHttpResponse(response=HttpResponse(status=405))
return HttpCreated()
class ExemploResource(Resource):
class Meta:
allowed_methods = ['post']
resource_name = 'exemplo'
authorization = Authorization()
def obj_create(self, bundle, **kwargs):
logger.info('REQUEST: %s', bundle.data)
try:
mensagem = bundle.data['mensagem']
except KeyError, e:
logger.error('Faltando o parametro %s.' % str(e))
raise ImmediateHttpResponse(
HttpBadRequest(
JsonResponse(
{'error': 'Faltando o parametro %s.' % str(e)})))
raise ImmediateHttpResponse(
HttpCreated(
JsonResponse(
{'success':
'Mensagem recebida foi = %s' % str(mensagem)})))
def obj_create(self, bundle, **kwargs):
bundle.obj = ImportScanObject(initial=kwargs)
self.is_valid(bundle)
if bundle.errors:
raise ImmediateHttpResponse(response=self.error_response(bundle.request, bundle.errors))
bundle = self.full_hydrate(bundle)
test = bundle.obj.__getattr__('test_obj')
scan_type = bundle.obj.__getattr__('scan_type')
min_sev = bundle.obj.__getattr__('minimum_severity')
scan_date = bundle.obj.__getattr__('scan_date')
verified = bundle.obj.__getattr__('verified')
active = bundle.obj.__getattr__('active')
try:
parser = import_parser_factory(bundle.data['file'], test)
except ValueError:
raise NotFound("Parser ValueError")
try:
items = parser.items
original_items = test.finding_set.all().values_list("id", flat=True)
new_items = []
mitigated_count = 0
finding_count = 0
finding_added_count = 0
reactivated_count = 0
for item in items:
sev = item.severity
if sev == 'Information' or sev == 'Informational':
sev = 'Info'
if Finding.SEVERITIES[sev] > Finding.SEVERITIES[min_sev]:
continue
if scan_type == 'Veracode Scan' or scan_type == 'Arachni Scan':
find = Finding.objects.filter(title=item.title,
test__id=test.id,
severity=sev,
numerical_severity=Finding.get_numerical_severity(sev),
description=item.description
)
else:
find = Finding.objects.filter(title=item.title,
test__id=test.id,
severity=sev,
numerical_severity=Finding.get_numerical_severity(sev),
)
if len(find) == 1:
find = find[0]
if find.mitigated:
# it was once fixed, but now back
find.mitigated = None
find.mitigated_by = None
find.active = True
find.verified = verified
find.save()
note = Notes(entry="Re-activated by %s re-upload." % scan_type,
author=bundle.request.user)
note.save()
find.notes.add(note)
reactivated_count += 1
new_items.append(find.id)
else:
item.test = test
item.date = test.target_start
item.reporter = bundle.request.user
item.last_reviewed = timezone.now()
item.last_reviewed_by = bundle.request.user
item.verified = verified
item.active = active
item.save()
finding_added_count += 1
new_items.append(item.id)
find = item
if hasattr(item, 'unsaved_req_resp') and len(item.unsaved_req_resp) > 0:
for req_resp in item.unsaved_req_resp:
burp_rr = BurpRawRequestResponse(finding=find,
burpRequestBase64=req_resp["req"],
burpResponseBase64=req_resp["resp"],
)
burp_rr.clean()
burp_rr.save()
if item.unsaved_request is not None and item.unsaved_response is not None:
burp_rr = BurpRawRequestResponse(finding=find,
burpRequestBase64=item.unsaved_request,
burpResponseBase64=item.unsaved_response,
)
burp_rr.clean()
burp_rr.save()
if find:
finding_count += 1
for endpoint in item.unsaved_endpoints:
ep, created = Endpoint.objects.get_or_create(protocol=endpoint.protocol,
host=endpoint.host,
path=endpoint.path,
query=endpoint.query,
fragment=endpoint.fragment,
product=test.engagement.product)
find.endpoints.add(ep)
if item.unsaved_tags is not None:
find.tags = item.unsaved_tags
# calculate the difference
to_mitigate = set(original_items) - set(new_items)
for finding_id in to_mitigate:
finding = Finding.objects.get(id=finding_id)
finding.mitigated = datetime.combine(scan_date, timezone.now().time())
finding.mitigated_by = bundle.request.user
finding.active = False
finding.save()
note = Notes(entry="Mitigated by %s re-upload." % scan_type,
author=bundle.request.user)
note.save()
finding.notes.add(note)
mitigated_count += 1
except SyntaxError:
raise NotFound("Parser SyntaxError")
# Everything executed fine. We successfully imported the scan.
raise ImmediateHttpResponse(HttpCreated(location = bundle.obj.__getattr__('test')))
def obj_create(self, bundle, **kwargs):
bundle.obj = ImportScanObject(initial=kwargs)
self.is_valid(bundle)
if bundle.errors:
raise ImmediateHttpResponse(response=self.error_response(bundle.request, bundle.errors))
bundle = self.full_hydrate(bundle)
# We now have all the options we need and will just replicate the process in views.py
tt, t_created = Test_Type.objects.get_or_create(name=bundle.data['scan_type'])
# will save in development environment
environment, env_created = Development_Environment.objects.get_or_create(name="Development")
scan_date = datetime.strptime(bundle.data['scan_date'], '%Y-%m-%d')
t = Test(engagement=bundle.obj.__getattr__('engagement_obj'), test_type=tt, target_start=scan_date,
target_end=scan_date, environment=environment, percent_complete=100)
t.full_clean()
t.save()
t.tags = bundle.data['tags']
try:
parser = import_parser_factory(bundle.data['file'], t)
except ValueError:
raise NotFound("Parser ValueError")
try:
for item in parser.items:
sev = item.severity
if sev == 'Information' or sev == 'Informational':
sev = 'Info'
item.severity = sev
if Finding.SEVERITIES[sev] > Finding.SEVERITIES[bundle.data['minimum_severity']]:
continue
item.test = t
item.date = t.target_start
item.reporter = bundle.request.user
item.last_reviewed = timezone.now()
item.last_reviewed_by = bundle.request.user
item.active = bundle.data['active']
item.verified = bundle.data['verified']
item.save()
if hasattr(item, 'unsaved_req_resp') and len(item.unsaved_req_resp) > 0:
for req_resp in item.unsaved_req_resp:
burp_rr = BurpRawRequestResponse(finding=item,
burpRequestBase64=req_resp["req"],
burpResponseBase64=req_resp["resp"],
)
burp_rr.clean()
burp_rr.save()
if item.unsaved_request is not None and item.unsaved_response is not None:
burp_rr = BurpRawRequestResponse(finding=item,
burpRequestBase64=item.unsaved_request,
burpResponseBase64=item.unsaved_response,
)
burp_rr.clean()
burp_rr.save()
for endpoint in item.unsaved_endpoints:
ep, created = Endpoint.objects.get_or_create(protocol=endpoint.protocol,
host=endpoint.host,
path=endpoint.path,
query=endpoint.query,
fragment=endpoint.fragment,
product=t.engagement.product)
item.endpoints.add(ep)
if item.unsaved_tags is not None:
item.tags = item.unsaved_tags
except SyntaxError:
raise NotFound("Parser SyntaxError")
# Everything executed fine. We successfully imported the scan.
res = TestResource()
uri = res.get_resource_uri(t)
raise ImmediateHttpResponse(HttpCreated(location = uri))
def post_list(self, request, **kwargs):
hosts_list = json.loads(request.body)["objects"]
self._validate_list(hosts_list)
cache.set("auto_discovered_hosts_json", json.dumps(hosts_list), None)
return HttpCreated()